It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Some features of ATS will be disabled while you continue to use an ad-blocker.
Buried in a Brazilian television report on Sunday was the disclosure that the NSA has impersonated Google and possibly other major internet sites in order to intercept, store, and read supposedly secure online communications. The spy agency accomplishes this using what's known as a "man-in-the-middle (MITM) attack," a fairly well-known exploit used by elite hackers. This revelation adds to the growing list of ways that the NSA is believed to snoop on ostensibly private online conversations.
In what appears to be a slide taken from an NSA presentation that also contains some GCHQ slides, the agency describes "how the attack was done" on "target" Google users. According to the document, NSA employees log into an internet router—most likely one used by an internet service provider or a backbone network. (It's not clear whether this was done with the permission or knowledge of the router's owner.) Once logged in, the NSA redirects the "target traffic" to an "MITM," a site that acts as a stealthy intermediary, harvesting communications before forwarding them to their intended destination.
Advertise on MotherJones.com
The brilliance of an MITM attack is that it defeats encryption without actually needing to crack any code. If you visit an impostor version of your bank's website, for example, the NSA could harvest your login and password, use that information to establish a secure connection with your real bank, and feed you the resulting account information—all without you knowing.
reply to post by miniatus
And that would do nothing to stop a MITM attack.
They could tap a router along the way and spoof the website you are using.
As far as you could tell you'd be using the website you intended to use but would be using one run by the NSA.
How did they think they would get away with this.
Apparently, The Amash Admendment will be voted on again in the House.
Congress needs to defund this runaway Agency.
reply to post by grey580
I abandoned google a while back .. startpage.com... is my go-to search engine.. it actually acts like a proxy to google, it takes your search request, queries google for you and presents the results..
So you get the accuracy of google without actually using google.
reply to post by TheMagus
It certainly could be used to gather login information.
And then post as people.
hrmmmm..... a posting notification feature could be handy on this site.
Or an authenticate computer to post feature.
reply to post by grey580
Google defaults to an https connection, so I don't think that a MitM exploit is going to do them much good. Spoofing DNS to re-route you to a fake Google site is possible, but I'd say very difficult and messy unless you were after select individuals.
This is why I do hail Snowden as a hero.. this kind of thing has been going on for a long time now, it took him to bring it to the public eye .. and now the government is just hoping this goes away.. the best thing that could happen is that stories keep coming out and the public constantly is aware of it.. the heat should not let off.
reply to post by SadistNocturne
That would do nothing in this situation.
The NSA can duplicate duckduckgo and trick you into thinking that you're on that site while they monitor your searches.